Re: Developer quickstart guide for Tomcat with HTTP/2 on macOS
Christopher, > Am 01.06.2017 um 16:33 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Tobias, > >> On 6/1/17 3:53 AM, Tobias Soloschenko wrote: >> a long time ago I tried out to install Apache Tomcat with HTTP/2 >> support on macOS. I finally got a short time window to complete a >> developer quickstart guide for that: > > Wouldn't this all be a lot easier if you used the NIO connector > instead of APR? No XCode/OpenSSL/tcnative necessary. > >> 1. Download XCode from the AppStore >> >> >> 2. Install Brew: http://brew.sh/ >> >> >> 3. Download Apache Tomcat binaries > 8.5 http://tomcat.apache.org/ >> >> >> 4. Install APR and OPENSSL with “brew install openssl” and “brew >> install apr” >> >> >> 5. Create pem files in “apache-tomcat-8.5.15/conf” folder - use >> “changeit” every time a password is going to be requested (The >> commands can be executed separately or within a shell script): >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl genrsa -des3 -out >> localhost-rsa-key 1024 >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl genrsa -out >> localhost-key 1024 >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl rsa -in >> localhost-rsa-key -out localhost-key >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl req -new -key >> localhost-key -out localhost-csr >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl x509 -req -days 365 >> -in localhost-csr -signkey localhost-key -out localhost-crt >> >> cat localhost-key localhost-crt > localhost-rsa-cert.pem >> >> cat localhost-rsa-cert.pem > localhost-rsa-chain.pem >> >> cat localhost-rsa-key > localhost-rsa-key-mod.pem >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl rsa -in >> localhost-rsa-key-mod.pem -out localhost-rsa-key.pem >> >> >> 6. Uncomment the http/2 connector with protocol >> “org.apache.coyote.http11.Http11AprProtocol” in the >> "apache-tomcat-8.5.15/conf/server.xml" >> >> >> 7. Tomcat native installation >> >> Extract “apache-tomcat-8.5.15/bin/tomcat-native.tar.gz” >> >> Go into folder >> “apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/native” >> >> Run “./configure --with-apr=/usr/local/Cellar/apr/1.5.2_3/ >> --with-ssl=/usr/local/Cellar/openssl/1.0.2l” >> >> Run “make” >> >> >> 8. Create a setenv.sh file within the /bin folder and add >> lines: >> >> LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/Cellar/apr/1.5.2_3/libexec > /lib:/Applications/apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/nat > ive/.libs >> >> >> JAVA_OPTS="-Djava.library.path=/usr/local/Cellar/apr/1.5.2_3/libexec/l > ib:/Applications/apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/nativ > e/.libs" >> >> >> >> 9. Start Server >> >> >> * Note1: The paths might be adjusted according to the version of >> openssl / apr / tomcat-native / tomcat version >> >> >> Logs: >> >> 01-Jun-2017 09:32:46.551 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded >> APR based Apache Tomcat Native library [1.2.12] using APR version >> [1.5.2]. >> >> 01-Jun-2017 09:32:46.551 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR >> capabilities: IPv6 [true], sendfile [true], accept filters [false], >> random [true]. >> >> 01-Jun-2017 09:32:46.551 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent >> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL >> [true] >> >> 01-Jun-2017 09:32:46.556 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.initializeSSL >> OpenSSL successfully initialized [OpenSSL 1.0.2l 25 May 2017] >> >> >> My question regarding this guide: Is there anything which might be >> changed or is bad practice? > > Everything looks good to me. > > Whenever I try to build tcnative on my Mac, I find that XCode has > broken some kind of symlink somewhere that I need to correct in order > to use clang from the CLI. Some notes about how to work-around that > would be good. I was thinking of adding this line as optional. I tried to write a guide sometime ago but failed and switched to jetty. I am very happy that Tomcat with http/2 is running for me because I can test the Apache Wicket http/2 experimental integration on both servers, now. http://tomcat.10.x6.nabble.com/Apache-Tomcat-9-0-0-M4-and-http-2-on-Mac-OS-X-10-11-4-td5048883.html Point 5. of this guide shows how to create the symlink. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJZMCXKAAoJEBzwKT+lPKRY7x8P/jvES/2Z5MZOWcq2mHabGkxu > PDPoi9X+gdWet/ucMToyuI0gHoJe9s51RsqWRn5T4jW+XuOmjgKEpgTM2+qbDwpB > q3T/ZFWL31YMFwJ3YFOD6MZzQ89MqfK8pLvJ7pIzXjYLWL+8gaAfBXAwg7lmdLr/ > TM5fnl5lwzEw9sTdkNZ+o1bIjbs4PkpxKP7X3vZylnwRVKrP/5q3NQirBiXuG/Dn > RMlhjAfepog24L/Wja/DAQVgq4EjHfh9KvxytN1WHO7o9x6d9seBCm5PtR+6If3B > GxvGSfd47AcbA/T2nUnSAPLrGQheUCWw31StFvsNY1n2z6/6iISabRzxHLL3JPf4 > 7Qr92AKt9FVFDlzfHlzYWp+zoRcDX+ApjFU
Re: Developer quickstart guide for Tomcat with HTTP/2 on macOS
Hi, what do you think of adding this to wiki or a place to point to? kind regards Tobias - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Developer quickstart guide for Tomcat with HTTP/2 on macOS
On 1 June 2017 17:03:48 BST, Christopher Schultz wrote: >Mark, > >On 6/1/17 11:46 AM, Mark Thomas wrote: >> On 1 June 2017 15:33:46 BST, Christopher Schultz >> wrote: >>> Tobias, >>> >>> On 6/1/17 3:53 AM, Tobias Soloschenko wrote: a long time ago I tried out to install Apache Tomcat with HTTP/2 support on macOS. I finally got a short time window to complete a developer quickstart guide for that: >>> >>> Wouldn't this all be a lot easier if you used the NIO connector >>> instead of APR? No XCode/OpenSSL/tcnative necessary. >> >> But then you wouldn't have HTTP/2 support. Well you could have >> HTTP/2 if you used 9.0 x on Java 9 but there were a few wrinkles >> running Tomcat on Java 9 the last time I checked. > >Oh, I didn't realize that HTTP/2 required the APR connector. It doesn't. It does require tomcat-native on 8.5.x. >Funny... there is nothing on the Tomcat 8.5 HTTP/2 page that says >anything about that requirement: >http://tomcat.apache.org/tomcat-8.5-doc/config/http2.html > >The HTTP/1.1 connector docs allude to this fact: >http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#HTTP/2_Support > >... but it's not explicitly said that the APR connector is required. >From my reading, NIO+OpenSSL should work. Is that true? Correct. >Of course, NIO+OpenSSL requires that libtcnative be available, so the >only question is whether NIO+OpenSSL is as reliable as the APR >connector (or vice-versa). I'd opt for NIO+OpenSSL as my first choice. Mark > >Thanks for putting together this guide, Tobias. > >-chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Developer quickstart guide for Tomcat with HTTP/2 on macOS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 6/1/17 11:46 AM, Mark Thomas wrote: > On 1 June 2017 15:33:46 BST, Christopher Schultz > wrote: >> Tobias, >> >> On 6/1/17 3:53 AM, Tobias Soloschenko wrote: >>> a long time ago I tried out to install Apache Tomcat with >>> HTTP/2 support on macOS. I finally got a short time window to >>> complete a developer quickstart guide for that: >> >> Wouldn't this all be a lot easier if you used the NIO connector >> instead of APR? No XCode/OpenSSL/tcnative necessary. > > But then you wouldn't have HTTP/2 support. Well you could have > HTTP/2 if you used 9.0 x on Java 9 but there were a few wrinkles > running Tomcat on Java 9 the last time I checked. Oh, I didn't realize that HTTP/2 required the APR connector. Funny... there is nothing on the Tomcat 8.5 HTTP/2 page that says anything about that requirement: http://tomcat.apache.org/tomcat-8.5-doc/config/http2.html The HTTP/1.1 connector docs allude to this fact: http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#HTTP/2_Support ... but it's not explicitly said that the APR connector is required. - From my reading, NIO+OpenSSL should work. Is that true? Of course, NIO+OpenSSL requires that libtcnative be available, so the only question is whether NIO+OpenSSL is as reliable as the APR connector (or vice-versa). Thanks for putting together this guide, Tobias. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZMDrkAAoJEBzwKT+lPKRYua8P/i1L1nX1lJWas/kkuibL4FKs 5pUkt46CIlAqTQ7e0JEyUOd04J5xMsOOvmJbO36eFiRhLzhlOzSUOR6SI+QZWaZv m38zCov/9pllJEbLK+hjhmrta4Pqj2az499dsVBXH2zY1cSN5JhOosM66YKPpc9s VVCQVEpj7xxliccGGwJMI5ngMTE9NPIMLSmAvCEgp7bYLHe8Rqh17lKuenWHXud7 bqkCIYHDOIOgRWbrQciatwBW9Hs/hIU1uNLjI4z7Z9wSMLWE/LKYp1vV95aYQ/82 0BV+xzkz1iBgffSnJc0fRLeQovdvzWK9VFlnWQ40u1Q7gLPqMA27QWEPrlJJ7RiF IeKL33rmAgVt6NXhKl0JFc7qCwplyf8zvyA3+EdZjyPg+3WnkgWwkijcFgWwMsC9 9bxAkc3+q1WRJeGiz4efxyJFiet3G9oIFqnmeJi48mTiCKubnd4tNitP0j6BeF1F maF5YkMnn5F319A8A8pMYVIQxcJW4ibXJexUryl1BVS4dYOARc1kICFEO+/zPrm/ DGNEpxXgFYiBZeiJel0IrTlZE1Qy/bjzTSZMrwHAdyXQSt7o1TZ7nFnzxxOiNA0H Ga6JDPnbGLHszD5BVMwrObSuefzqZ5d1ewdmZLflUzVd8m/IERubQyVFTQmPkzhC /I/7hs/qt+2rVLiZqXs/ =Pw7+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Developer quickstart guide for Tomcat with HTTP/2 on macOS
On 1 June 2017 15:33:46 BST, Christopher Schultz wrote: >Tobias, > >On 6/1/17 3:53 AM, Tobias Soloschenko wrote: >> a long time ago I tried out to install Apache Tomcat with HTTP/2 >> support on macOS. I finally got a short time window to complete a >> developer quickstart guide for that: > >Wouldn't this all be a lot easier if you used the NIO connector >instead of APR? No XCode/OpenSSL/tcnative necessary. But then you wouldn't have HTTP/2 support. Well you could have HTTP/2 if you used 9.0 x on Java 9 but there were a few wrinkles running Tomcat on Java 9 the last time I checked. Mark > >> 1. Download XCode from the AppStore >> >> >> 2. Install Brew: http://brew.sh/ >> >> >> 3. Download Apache Tomcat binaries > 8.5 http://tomcat.apache.org/ >> >> >> 4. Install APR and OPENSSL with “brew install openssl” and “brew >> install apr” >> >> >> 5. Create pem files in “apache-tomcat-8.5.15/conf” folder - use >> “changeit” every time a password is going to be requested (The >> commands can be executed separately or within a shell script): >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl genrsa -des3 -out >> localhost-rsa-key 1024 >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl genrsa -out >> localhost-key 1024 >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl rsa -in >> localhost-rsa-key -out localhost-key >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl req -new -key >> localhost-key -out localhost-csr >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl x509 -req -days 365 >> -in localhost-csr -signkey localhost-key -out localhost-crt >> >> cat localhost-key localhost-crt > localhost-rsa-cert.pem >> >> cat localhost-rsa-cert.pem > localhost-rsa-chain.pem >> >> cat localhost-rsa-key > localhost-rsa-key-mod.pem >> >> /usr/local/Cellar/openssl/1.0.2l/bin/openssl rsa -in >> localhost-rsa-key-mod.pem -out localhost-rsa-key.pem >> >> >> 6. Uncomment the http/2 connector with protocol >> “org.apache.coyote.http11.Http11AprProtocol” in the >> "apache-tomcat-8.5.15/conf/server.xml" >> >> >> 7. Tomcat native installation >> >> Extract “apache-tomcat-8.5.15/bin/tomcat-native.tar.gz” >> >> Go into folder >> “apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/native” >> >> Run “./configure --with-apr=/usr/local/Cellar/apr/1.5.2_3/ >> --with-ssl=/usr/local/Cellar/openssl/1.0.2l” >> >> Run “make” >> >> >> 8. Create a setenv.sh file within the /bin folder and add >> lines: >> >> >LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/Cellar/apr/1.5.2_3/libexec >/lib:/Applications/apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/nat >ive/.libs >> >> >> >JAVA_OPTS="-Djava.library.path=/usr/local/Cellar/apr/1.5.2_3/libexec/l >ib:/Applications/apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/nativ >e/.libs" >> >> >> >> 9. Start Server >> >> >> * Note1: The paths might be adjusted according to the version of >> openssl / apr / tomcat-native / tomcat version >> >> >> Logs: >> >> 01-Jun-2017 09:32:46.551 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded >> APR based Apache Tomcat Native library [1.2.12] using APR version >> [1.5.2]. >> >> 01-Jun-2017 09:32:46.551 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR >> capabilities: IPv6 [true], sendfile [true], accept filters [false], >> random [true]. >> >> 01-Jun-2017 09:32:46.551 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent >> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL >> [true] >> >> 01-Jun-2017 09:32:46.556 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.initializeSSL >> OpenSSL successfully initialized [OpenSSL 1.0.2l 25 May 2017] >> >> >> My question regarding this guide: Is there anything which might be >> changed or is bad practice? > >Everything looks good to me. > >Whenever I try to build tcnative on my Mac, I find that XCode has >broken some kind of symlink somewhere that I need to correct in order >to use clang from the CLI. Some notes about how to work-around that >would be good. > >-chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Developer quickstart guide for Tomcat with HTTP/2 on macOS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tobias, On 6/1/17 3:53 AM, Tobias Soloschenko wrote: > a long time ago I tried out to install Apache Tomcat with HTTP/2 > support on macOS. I finally got a short time window to complete a > developer quickstart guide for that: Wouldn't this all be a lot easier if you used the NIO connector instead of APR? No XCode/OpenSSL/tcnative necessary. > 1. Download XCode from the AppStore > > > 2. Install Brew: http://brew.sh/ > > > 3. Download Apache Tomcat binaries > 8.5 http://tomcat.apache.org/ > > > 4. Install APR and OPENSSL with “brew install openssl” and “brew > install apr” > > > 5. Create pem files in “apache-tomcat-8.5.15/conf” folder - use > “changeit” every time a password is going to be requested (The > commands can be executed separately or within a shell script): > > /usr/local/Cellar/openssl/1.0.2l/bin/openssl genrsa -des3 -out > localhost-rsa-key 1024 > > /usr/local/Cellar/openssl/1.0.2l/bin/openssl genrsa -out > localhost-key 1024 > > /usr/local/Cellar/openssl/1.0.2l/bin/openssl rsa -in > localhost-rsa-key -out localhost-key > > /usr/local/Cellar/openssl/1.0.2l/bin/openssl req -new -key > localhost-key -out localhost-csr > > /usr/local/Cellar/openssl/1.0.2l/bin/openssl x509 -req -days 365 > -in localhost-csr -signkey localhost-key -out localhost-crt > > cat localhost-key localhost-crt > localhost-rsa-cert.pem > > cat localhost-rsa-cert.pem > localhost-rsa-chain.pem > > cat localhost-rsa-key > localhost-rsa-key-mod.pem > > /usr/local/Cellar/openssl/1.0.2l/bin/openssl rsa -in > localhost-rsa-key-mod.pem -out localhost-rsa-key.pem > > > 6. Uncomment the http/2 connector with protocol > “org.apache.coyote.http11.Http11AprProtocol” in the > "apache-tomcat-8.5.15/conf/server.xml" > > > 7. Tomcat native installation > > Extract “apache-tomcat-8.5.15/bin/tomcat-native.tar.gz” > > Go into folder > “apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/native” > > Run “./configure --with-apr=/usr/local/Cellar/apr/1.5.2_3/ > --with-ssl=/usr/local/Cellar/openssl/1.0.2l” > > Run “make” > > > 8. Create a setenv.sh file within the /bin folder and add > lines: > > LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/Cellar/apr/1.5.2_3/libexec /lib:/Applications/apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/nat ive/.libs > > > JAVA_OPTS="-Djava.library.path=/usr/local/Cellar/apr/1.5.2_3/libexec/l ib:/Applications/apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/nativ e/.libs" > > > > 9. Start Server > > > * Note1: The paths might be adjusted according to the version of > openssl / apr / tomcat-native / tomcat version > > > Logs: > > 01-Jun-2017 09:32:46.551 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > APR based Apache Tomcat Native library [1.2.12] using APR version > [1.5.2]. > > 01-Jun-2017 09:32:46.551 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random [true]. > > 01-Jun-2017 09:32:46.551 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent > APR/OpenSSL configuration: useAprConnector [false], useOpenSSL > [true] > > 01-Jun-2017 09:32:46.556 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL > OpenSSL successfully initialized [OpenSSL 1.0.2l 25 May 2017] > > > My question regarding this guide: Is there anything which might be > changed or is bad practice? Everything looks good to me. Whenever I try to build tcnative on my Mac, I find that XCode has broken some kind of symlink somewhere that I need to correct in order to use clang from the CLI. Some notes about how to work-around that would be good. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZMCXKAAoJEBzwKT+lPKRY7x8P/jvES/2Z5MZOWcq2mHabGkxu PDPoi9X+gdWet/ucMToyuI0gHoJe9s51RsqWRn5T4jW+XuOmjgKEpgTM2+qbDwpB q3T/ZFWL31YMFwJ3YFOD6MZzQ89MqfK8pLvJ7pIzXjYLWL+8gaAfBXAwg7lmdLr/ TM5fnl5lwzEw9sTdkNZ+o1bIjbs4PkpxKP7X3vZylnwRVKrP/5q3NQirBiXuG/Dn RMlhjAfepog24L/Wja/DAQVgq4EjHfh9KvxytN1WHO7o9x6d9seBCm5PtR+6If3B GxvGSfd47AcbA/T2nUnSAPLrGQheUCWw31StFvsNY1n2z6/6iISabRzxHLL3JPf4 7Qr92AKt9FVFDlzfHlzYWp+zoRcDX+ApjFUUpeMsp/+ZFDzXbZ/0zRu6J+wnDvMF CYRVkv42ct9wXJjEk2WYUint9Hn2xj5BLGMIRk0xFBohFLHMb6eYDeKoAoWGUG/L T4HSt7cfW2NWV84TdewfIN2u2fr9Hkpm8QohB0FcFHJ8LSRUXHcdtFRuE25XBnum RyQkkpKpaBEsVdZ17EBEX1Kh29Apa7HgpeJ7KCiLHoGkf+OUmYnr3Qm9Tv6zdRWo jousTeghGf0/nolys0/+zLkR/lDtjB19r/H2hav7dP7NGxaCio2V2CyWqLwyOcMu QkfKDlXIohfm3W9L+m1E =X9UM -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Developer quickstart guide for Tomcat with HTTP/2 on macOS
Hi everyone, a long time ago I tried out to install Apache Tomcat with HTTP/2 support on macOS. I finally got a short time window to complete a developer quickstart guide for that: 1. Download XCode from the AppStore 2. Install Brew: http://brew.sh/ 3. Download Apache Tomcat binaries > 8.5 http://tomcat.apache.org/ 4. Install APR and OPENSSL with “brew install openssl” and “brew install apr” 5. Create pem files in “apache-tomcat-8.5.15/conf” folder - use “changeit” every time a password is going to be requested (The commands can be executed separately or within a shell script): /usr/local/Cellar/openssl/1.0.2l/bin/openssl genrsa -des3 -out localhost-rsa-key 1024 /usr/local/Cellar/openssl/1.0.2l/bin/openssl genrsa -out localhost-key 1024 /usr/local/Cellar/openssl/1.0.2l/bin/openssl rsa -in localhost-rsa-key -out localhost-key /usr/local/Cellar/openssl/1.0.2l/bin/openssl req -new -key localhost-key -out localhost-csr /usr/local/Cellar/openssl/1.0.2l/bin/openssl x509 -req -days 365 -in localhost-csr -signkey localhost-key -out localhost-crt cat localhost-key localhost-crt > localhost-rsa-cert.pem cat localhost-rsa-cert.pem > localhost-rsa-chain.pem cat localhost-rsa-key > localhost-rsa-key-mod.pem /usr/local/Cellar/openssl/1.0.2l/bin/openssl rsa -in localhost-rsa-key-mod.pem -out localhost-rsa-key.pem 6. Uncomment the http/2 connector with protocol “org.apache.coyote.http11.Http11AprProtocol” in the "apache-tomcat-8.5.15/conf/server.xml" 7. Tomcat native installation Extract “apache-tomcat-8.5.15/bin/tomcat-native.tar.gz” Go into folder “apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/native” Run “./configure --with-apr=/usr/local/Cellar/apr/1.5.2_3/ --with-ssl=/usr/local/Cellar/openssl/1.0.2l” Run “make” 8. Create a setenv.sh file within the /bin folder and add lines: LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/Cellar/apr/1.5.2_3/libexec/lib:/Applications/apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/native/.libs JAVA_OPTS="-Djava.library.path=/usr/local/Cellar/apr/1.5.2_3/libexec/lib:/Applications/apache-tomcat-8.5.15/bin/tomcat-native-1.2.12-src/native/.libs" 9. Start Server * Note1: The paths might be adjusted according to the version of openssl / apr / tomcat-native / tomcat version Logs: 01-Jun-2017 09:32:46.551 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.12] using APR version [1.5.2]. 01-Jun-2017 09:32:46.551 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 01-Jun-2017 09:32:46.551 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 01-Jun-2017 09:32:46.556 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.0.2l 25 May 2017] My question regarding this guide: Is there anything which might be changed or is bad practice? thanks in advance / kind regards Tobias